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FLEXIBLE INTERFACE FOR SECURE INPUT 07. PIN CODS 

The invention is related to interfaces between man 
and machine auch as computer, telephone or television 
5 devices, which need a Personal Identification Number 
(PIN) to authenticate the ueer running an 
application. 

By running an application, one should understand 
to continue or to have access to an application or to 

io specific resources of an application. 

The invention is more particularly but not 
excluaively related to a system and a method used in 
an interactive information system such as an 
entertainment system. 

is Requirements for security in interactive 

entertainment systems are contradictory. 

This is because r in order to run an application, 
an authentication of the user/viewer is needed while 
using the specific look and feel of the application. 

30 However, it is also preferred that the PIN code 
should not be given to the application for security 
purpose . 

In fact, two types of solutions are presently 
known for authentication. Both present drawbacks, ae 
25 they are only capable of fulfilling part : of the above 
repair ements . 

Either the application presents its own user 
interface for PIN entry, then queries the underlying 
system to check if the given PIN ia correct. 
30 Thie solution does not hide the PIN code from the 

application. 




Or the application requests the underlying lystem 
to authenticate the viewer. For this the underlying 
system, using its own look and feel, prompts the 
viewer for its PIN, verifies its validity and then 
s returns the information that the viewer is authorised 
or not to the application. 

This aolution ie safe, but does not allow 
integration of the PIN entry wirh the application 
look and feel. 

10 In other words and referring to figure l, it is 
shown a system which presents a good look and feel , 
but which ia not safe, as the PIN code is known by 
the application. 

•More precisely, the application 1 has total 

15 control of the look and feel. 

The viewer provide a hi a PIN code through input 
means 2 in digital data to the application via an 
input device, for instance transmitted as infrared 
signals 3 to the device on which runs the application 

20 which displays in 4 the look and feel for the PIN 
entry field. 

Such application, which is now aware of the PIN . 
code/ transmits it in 5 to security manager * means 6 
which t after checking, confirms in 1 authorisation 
25 from the system B. 

The PIN code (Input means 2) is therefore provided 
outside of the system fi, which is unsecured/ and may 
allows third parties to have access to the PIN code. 
Figure 2 displays the other way of functioning of 
30 a known Byatem of the prior art. 



Here, the application 1 haa no control over the 
look and feel, contrarily to the precedent case. 

The application 1 requests in 9 the system 9 to 
identify the user. 

The security manager means 6 uses the input means 
2 (PIN Code) i provided in 3 and the display screen to 
create in 4 a display of the PIN entry field. 

When the security manager meane 6 haa checked the 
PIN code, it gives authorisation (7) to display or to, 
access to resource to the application 1. 

On a security point of view this system is good, 
as, at no pointy the system 8 gives out the £IN code 
co the application. 

However, the look and feel is here totally under 
system control, without any consideration for the 
current application look and feel . 

It ie therefore a main object of the present 
invention to provide an improved system and method 
for authorising a secure way of authentication for an 
access to an application through a PIN code* while 
using the look and feel of said application during 
the PIN code interrogation. 

It is another object of the invention to provide 
an improved system and method wherein the safety 
needed for PIN code entry, ie combined with perfect 
integration of the prompt with the service. 

It ia another objet of the invention to provide a 
simple and cost saving flexible interface for secure 
input of a PIN code. 

The problems outlined above are in large part 
eolved by a system for authenticating a PIN code of a 



user in an interactive information system, in order 
to run an application which comprises : 

• input means for PIN code entry, 

• security manager means for comparing the PIN 
code of the user, upon a request for user 
authentication from the application, with a 
registered PIN code, and giving authorisation to run 
said application if aaid PIN code of the user matches 
the registered PIN code, 

• and display means for displaying any graphics 
including a PIN entry field, 

characterised in that 

the request for uaer authentication being provided on 
the display meane via the PIN entry field with the 
look and feel e>f aaid application, the system further 
comprises emitting means for entering crypted digits 
in said PIN entry field upon entering the PIN code of 
the user in the security manager means . through said 
input means, 

and the security manager means are arranged to give 
authorisation to run the application after full entry 
of said crypted digits and if the PIN code of the 
user is identical to the registered PIN code, 

With such eystem the PIN code remains hidden from 
the environment, the user having only the impression 
to enter physically hi a PIN code within the PIN entry 
field of the application. In fact, it remains in the 
security manager means, which is within the system. 

In a preferred embodiment the application ie a 
television program. 



The invention alfio provides a method for 
authenticating a PIN code of a uaer in an interactive 
information eyatem, in order to run an application, 
wherein eaid information system emits a request for 
authenticating a uaer, " 

said user enters a PINT code through input means, 
said PIN code of the user is compared with a 
registered PIN code, within security manager means, 
and authorisation iB provided to run said application 
if the PIN code of the user matches with the 
registered PIN code, 
characterised in that 

- the request for authenticating being provided with, 
a PIN entry field having the look and feel of the 
application, 

- crypted digita are entered in eaid PIN entry 
field, upon entering the PIN code by the user in the 
security manager means, 

' and authorisation to display the application ie 
only provided after full entry of said crypted 
digitB, and if the PIN code signal of the user is 
identical to the registered PIN code ae checked by 
the security manager means. 

The invention will be better undergtood from 
reading the following description of a particular 
embodiment given by way of non limiting example, and 
which refers, additionally to the above mentioned 
figures showing the prior art, to the accompanying 
drawings in which ; 



- Figures 1 and 2, already mentioned, are 
schematic drawings figuring the architecture of the 
PIN code interface of the prior art. 

- Figure 3 is a schematic drawing showing the 
archicecture of the system according to the present 
invention, 

- Figure 4 'ia a schematic drawing showing an 
interactive television system for implementing the 
invention. 

- Figure 5 ia a flowchart related to the. 
application according to the embodiment of the 
invention more particularly described here. 

- Figure 6 ia a flowchart implemented by the 
security manager means according to the embodiment of 
the invention more particularly described here. 

Figure 3 shows a 'System 10 arranged to 
authenticate the user before running an application 
11, according to the invention. 

The application 11 initiates a PIN entry request 
12 to authenticate the user request and 
simultaneously asks the security manager means 13 to 
handle key input 14 to be introduced through Input 
means 15, for instance through a key pad. 

The security manager means 13 comprises a small 
computer system including a central processing unit 
(CPU) , memory and local Btorage. It is connected to 
input/output ports. 

Xt ia programmed in order to provide the different 
steps according to the method of the invention. 

The application having total control over the 
graphics displayed and their look and feel* the look 



.and feel 16 for PIN entry is provided an display 
means 17 according to the application. 

The display means can be a TV screen, an LCD 
screen of a remote portable telephone, ecc. 
5 As the security manager means 13 is asked to enter 

the PIN entry mode, it grabs key input a 14, analyses 
these inputs for user authentication and relays in IS 
the key presses to the application. 

The security manager means does not relay the key 
io values, which therefore remains within, the system, 
but only relays the fact that a key haa been pressed, 
letting for instance the application display an X for 
each key pressed, in the PIK entry field. 

Thie way the application does not learn about the 
is PIN, but can give user feedback IS to the display 
means 17 . 

When the security manager means 13 recognises the 
PIN, it informs in 20 the application that the 
user /viewer has been authenticated. 
20 The application can then run, be displayed and/or 

operate . 

Figure 4 shows schematically an interactive 
television system 21 including a system S according, 
to the embodiment o£ the invention more particularly 
25 described here. 

A broadcaster 22 transmit through a : satellite 23 
the signal corresponding to the look and feel of an 
application request (arrows 24), for instance a Pay 
TV program. 




The signal is provided to a digital interactive 
decoder 25, currently packaged in a set -top connected 
to a television 26. 

It delivers true interactive television using the 
broadcast-oriented infrastructure currently 

predominant in the television industry. 

The decoder 25 comprises in a manner known per se, 
a . demultiplexer 27 and an application programming 
interface 2B, stored in a local memory (RAM, EPROM 
SPLASH memory,. such aa the one proposed by the 

applicant OPEN TV, and which provides a library of 
functions which can display graphics on the 
television screen, control audio/video services, 
accept user input and communicate with the outside 
world. 

The decoder 25 also comprises a CPU 2s, 
Audio/video decoding means 30, connected through 
audio video output 31 to che television set 26, 
storage means 32 for storing an operating ay at em for 
the CPU 29, euch as the, one provided by OPEN TV... . 

The CPU 29 further includes part of the security 
manager means 33 as described in the invention. 

The decoder 25 also comprises Tnput means 34 such 
as infrared sensors arranged to receive infrared 
signals 35 emitted by a remote control apparatus 36 
having a key pad 37, and display function means 3s 
controlled by the CPU. 

The decoder 25 also comprises output means having 
a. modem and/ or a multiplexer 3 9 for providing back 
return signals 40 on a return channel to the 
broadcaster 22 and/or a server. 




The broadcast system may be, of course baae4 on 
satellite or cable or some other medium. 

Figure 5 shows a block diagram according co an 
embodiment ' of the invention to be included in an 
s application to authenticate the users to continue or 
to have access to specific resources which needs ' 
authentication by a PIN code. 

The application first uses Some display function 
(block 41) to present a PIN entry field to the 
10 viewer. 

It then aeke . the security manager means to enter 
the PIN entry mode and check in 43 if key9 are 
pressed. 

As keys are pressed; it gives (block 44) feedback 

is using the display function. 

If the user is not authenticated {step 45) # it 

comes back (loop 46) to check 43. 

If the user is authenticated (in 47), there is an 

OK from the security manager means and the. 

20 application can go on, (step 46) . 

An example of a block diagram of the security 
* ♦ > 

manager program is provided on figure 6 and is; 

performed' entirely (and secretly) within the System 

25 At the application request in 49 , the security 
manager means enters a PIN entry mode (step 50} . 

The PIN repertory is then initialised to empty in 
51 and the system wait for a key to be pressed (check 
52) . 



If the key ie an « ending » key (for instance OK 
or enter), (check 53) there is a release of the key 
input grabbing (step 54) . 

It not there ia a loop 55 for more key. 
After release of the* key input grabbing, the 
security manager means cheeks in 56 the entered PIK 
against the user's PIN. 

It then either returns aucceea (step 57) , or 
failure (step 58) to application (step 45 o£ the 
application), before exiting PIN entry mode in 59. 

It will now be described the functioning of the 
system while referring to figure 4. 

At the broadcast site, pay TV programs, of a 
Specific Provider are stored. 

The pay TV programs are encoded into a digital 
bitstream which ia compressed and multiplexed with 
the signal of the PIN code field of the Specific 
Provider, including its logo and a menu to allow the 
viewer to have access to other movies of the 
20 provider, to form a single bitstream. 

This single bitatream is then broadcasted* to all 
subscribers. At each customer's site, the bitstream 
is received by the decoder 25 where the audio and 
video are decompressed and the PIN code field ie sent 
25 to the customer's television set 2S. 

The request for the PIN code of s the user is 
therefore prompted to the viewer. 

The viewer then, for instance through a remote 
control apparatus, can enter his PIN code by pressing 
30 keys. 



At each pressing, a cross appears in the PIN entry 
fiald on the TV Screen. 

Meanwhile the Security manager means 33 compares 
the PIN code with a preregistered user's PIN code 
entered before in the v decoder f gr instance via a 
modem. 

If the PIN codes matches, signals are sent to the 
application- decoding process 30, and auch decoding 
process is then authorised for displaying the 
application on the TV set. 

Additional advantages and modifications will 
readily occur to those skilled in the art. Therefore 
the present invention in its broader aspects, is not 
limited to the specific . details, representative 
devices and illustrated examples shown and described 
herein. 

For instance, it also includes application to PIN 
code entry for obtaining specific services through ; 
mobile phone, for instance via G$M, or other specific 
services via Television and/or Internet. 




1. A eygtem (10, S) for authenticating a PIN code 
of a user in an interactive information system in 
5 order to run an application (11)-, 
wherein it comprises 

- input means (15; 34, 35, 36, 37) for PIK code 
entry, 

- security manager meana (13 , 33) for comparing 
10 the piN code of the uaer upon a request for user 

authentication from the application, with a 
registered PIN code, and giving authorisation to run 
said application if the PIN code of the user matches, 
with the registered PIN code, and 
is - display means (1*3, 29, 3B) for displaying any. 

graphics including a PIN entry field, 
characterised in that 

the request for user authentication being provided on 
the display means via the Pin entry field with the 

aa look and feel of Baid application, the aystem further 
comprises emitting means (29, 3a> for entering 
crypted digits in said PIN entry field upon entering 
the pin code of the uaer in the security . manager 
means through said input means, 

23 and the security manager means (13, 33) are arranged 
to give authorisation to run the application after, 
full entry of eaid crypted digits and if the PIN code 
of the uaer is identical to the registered PIN code. 
2. h system according to claim 1 characterised in 

30 that the application is a television program. 



3. A system according to claim 1, characterised 
in that the application ia a service provided on 
mobile Telephone. 

4. A method for authenticating a PIN code of a 
user in an interactive ^information system, in order 
to run an application, 

wherein said information system emits a request for 
authenticating a user (41) , 

said user enters a PIN code (43) through input means/ 
said PIN code of the user is compared (45) with a 
registered PIN code within security manager means, 
and authorisation is provided to run said application 
if the PIN code of the user matches with the 
registered PIN code, 
characterised in that 

- the request for authenticating being provided with 
a PIN entry field having the look and feel of the 
application, 

- crypted digits are entered (44) in said PIN entry 
field, upon entering the PIN code by the user' in the 
security manager means, 

and authorisation to display the application is only 
provided (47) after full entry of said crypted 
digits, and if the PIN code of the user is identical 
to the registered PIN code as checked by the security 
manager means. 

5. A method according to claim 4, characterised, 
in that, for preaencing the request for 
authentication, the application undertakes the 
following steps : 



14 



- presenting a PIN entry field to tha uaer (41) , 

- asking the security manager means to enter a PIN 
Entry Mode (42) , 

- the input meana. comprising keys, checking if keys 
s are pressed by the user (43) , 

- while keys are pressed, giving feedback in 
entering said crypted digits in said PIN entry field 
(44) , and, 

- if the user is authenticated (45) by said security 
10 manager means, giving said authorisation (47) to 

display £49) the application. 

6, A method according to any of claims 4 and 5, 
characterised in that, for providing the 
authorisation to display the application the security* 
15 manager means undertakes the following steps : 

- at the request of the application entering a PIN 
entry mode (50) , 

- initialising to empty a PIN repertory (51) and, 
the. input means comprising keys, waiting for a key to' 

20 be pressed by the user (52) , 

- upon occurrence of pressing an « ending key », ■ 
checking if a release occurs (53) , checking the 
entered PIN againBt the user's PIN (55), and : if 
success authorising the application to run. 

25 7. A method according to any of claims 4 to €, 
characceriaed in chat the application ia a Television 
program. 

• 8. A method according to any of claims 4 to $ t 
characterised in that the application is a service 
3b provided on a mobile telephone. 
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ABSTRACT 

The present invention concerns a system {10 J and 
a process for authenticating a pin code of a ueer in 
5 an interactive information syscem in order to run an 
application. It comprises input means (15) for PIN 
code entry, security manager means (13) for comparing 
the PIN code of the uaer upon a request for user 
authentication from the application, with a 

10 registered PIN code, and giving authorisation to run, 
gaid application if the PIN code of the ueer matches 
with the registered PTtS code, and display means (17)" 
for displaying any graphics including a PIN entry 
field. The request for user authentication is 

IS provided on the display means via the Pin entry field 
with the look and feel of Baid application. The 
system further comprises emitting means for entering 
crypt ed digits, the security manager means (13) being- 
arranged to give authcrie&tion to run the application 

ao after full entry of said crypted digits and if the 
PIN code of the uaer ia identical to the registered 
PIN code. 

Figure 3 
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Form PCT/l PEA/409 (cover sheet) (January 1994) 




INTERNATIONAL PRELIMINARY 

EXAMINATION REPORT International application No. PCT/IB99/01 21 3 



I. Basis of the report 

1 . With regard to the elements of the international application (Replacement sheets which have been furnished to 
the receiving Office in response to an invitation under Article 14 are referred to in this report as "originally filed" 
and are not annexed to this report since they do not contain amendments (Rules 70. 16 and 70.17)): 
Description, pages: 

1-11 as originally filed 

Claims, No.: 

1-8 as originally filed 

Drawings, sheets: 

1-5 as originally filed 



2. With regard to the language, all the elements marked above were available or furnished to this Authority in the 
language in which the international application was filed, unless otherwise indicated under this item. 

These elements were available or furnished to this Authority in the following language: , which is: 

□ the language of a translation furnished for the purposes of the international search (under Rule 23.1 (b)). 

□ the language of publication of the international application (under Rule 48.3(b)). 

□ the language of a translation furnished for the purposes of international preliminary examination (under Rule 
55.2 and/or 55.3). 

3. With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the 
international preliminary examination was carried out on the basis of the sequence listing: 

□ contained in the international application in written form. 

□ filed together with the international application in computer readable form. 

□ furnished subsequently to this Authority in written form. 

□ furnished subsequently to this Authority in computer readable form. 

□ The statement that the subsequently furnished written sequence listing does not go beyond the disclosure in 
the international application as filed has been furnished. 

□ The statement that the information recorded in computer readable form is identical to the written sequence 
listing has been furnished. 

4. The amendments have resulted in the cancellation of: 

□ the description, pages: 

□ the claims, Nos.: 
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□ 



the drawings, 



sheets: 



5. □ This report has been established as if (some of) the amendments had not been made, since they have been 

considered to go beyond the disclosure as filed (Rule 70.2(c)): 

(Any replacement sheet containing such amendments must be referred to under item 1 and annexed to this 
report.) 

6. Additional observations, if necessary: 

III. Non-establishment of opinion with regard to novelty, inventive step and industrial applicability 

1. The questions whether the claimed invention appears to be novel, to involve an inventive step (to be non- 
obvious), or to be industrially applicable have not been examined in respect of: 

□ the entire international application. 
H claims Nos. 1 -8. 



□ the said international application, or the said claims Nos. relate to the following subject matter which does 
not require an international preliminary examination (specify): . 



E3 the description, claims or drawings (indicate particular elements below) or said claims Nos. 1 -8 are so 
unclear that no meaningful opinion could be formed (specify): 
see separate sheet 

□ the claims, or said claims Nos. are so inadequately supported by the description that no meaningful opinion 
could be formed. 

□ no international search report has been established for the said claims Nos. . 

2. A meaningful international preliminary examination cannot be carried out due to the failure of the nucleotide 
and/or amino acid sequence listing to comply with the standard provided for in Annex C of the Administrative 
Instructions: 

□ the written form has not been furnished or does not comply with the standard. 

□ the computer readable form has not been furnished or does not comply with the standard. 



VII. Certain defects in the international application 

The following defects in the form or contents of the international application have been noted: 
see separate sheet 
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VIII. Certain observations on the international application 

The following observations on the clarity of the claims, description, and drawings or on the question whether the 
claims are fully supported by the description, are made: 
see separate sheet 
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1 . General 

The present application does not satisfy the criteria set forth 
in Article 6 PCT. Details of the objections are set out below. 

2. Concerning Section VIII - Art. 6 PCT: 
2.1. Claim 1 

The wording of claim 1 is unclear (Art. 6 PCT contravened), for 
at least the following reasons: 

Page 12 lines 15-16: It is not clear by which means the display 

means 17 is controlled (according to Fig. 3 # it is controlled 
by the application 11) . 

Page 12 lines 21-23: The feature "emitting means (29, 38) for 
entering crypted digits ..." alludes to second possibility 
for the user to enter his PIN by way of encrypted digits 
thereof. This does not match with the description (p. 7 lines 
9-16, Figs . 3 , 4) according to which an encrypted digit is 
merely displayed under control of the application when the 
user presses a key for entering a digit of his PIN. The 
presently used term "entering" in conjunction with "emitting" 
is considered to be misleading in this context. 

Page 12 lines 25-28: This passage appears to be a mere duplicate 
of the substance provided by lines 9 to 14 . 

One feature identified therein is that "the security ma- 
nager means are arranged to give authorization to run the ap- 
plication after full entry of said crypted digits". In this 
context, it is not clear in which way the security manager 
means are informed about the crypted digits being fully dis- 
played under control of the application. 

The description appears to be silent about a connection 
from the display of crypted digits to the security manager 
means, so that support of the feature as presently claimed by 
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a described embodiment cannot at present be acknowledged. 

It is further to be noted that it is an inherent feature 
resulting from lines 12-14 that the user has to input all the 
digits of a PIN before a match with the registered PIN code 
can be detected by the security manager means . 

It is further considered that the last paragraph of claim 
1 is superfluous and as such obscures the claim's scope of 
protection. 

These objections and other objections under Art. 6 PCT could be 
overcome by drafting claim 1 in the following manner (basis of 
suggested amendments: Figs. 3-5 and related text passages, such 
as p. 7 lines 9-16, p. 11 lines 1-2) : 

"1 . 

A system (10, S) for authenticating 
the system comprising : 

(a) input means (15; 34-37) for PIN code entry, 

(b) security manager means (13, 33) for comparing the PIN code 
of the user inputted via said input means upon a request (49) 
for user authentication , supplied from the application, with 
a registered PIN code and for giving an authorisation signal 
(20) to said application to run said application if the PIN 
code of the user matches with the registered PIN code, 

(c) display means (17, 29, 38) for displaying any graphics 
including a PIN entry field, 

the system being characterised by further comprising 

(d) means for providing said request (16, 41) for user authen- 
tication from said application to said display means, wherein 
said request is displayed with the PIN entry field of the 
display means and is displayed with the look and feel of said 
application, 

(e) means for supplying (18) information from said security 
manager means to said application about PIN code entering 
kev-pressing operations by said user, wherein entered PIN 
code is not supplied to said application ; 

(f) and display control means (2 9, 38) coupled to said applica- 
tion to effect display of crypted digits in said PIN entry 
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field corresponding to said information about PIN code 
entering operations supplied to said application. 

It is to be noted that the feature "with the look and feel of 
said application" is considered an artistic feature rather than 
a technical feature. Thus the feature does not lend itself to 
establishing novelty or inventive step given the provisions of 
Art . 52 <l)b) . 

Moreover, in the suggestion set out above, feature (e) is provi- 
ded as a feature which is considered essential to achieving the 
objectives of the invention set out in the introductory portion 
of the description (avoiding the transmission of a pin code to 
the application while still providing a pin entry feedback to 
the user in the framework of the look and feel of the applica- 
tion) . The present claim contravenes Art. 6 PCT because it lacks 
this essential feature. 

2.2. Claim 4 

Claim 4 also suffers from at least some of the deficiencies 
identified above with respect to claim 1 (c.f. paragraph 2.1 
above) . 

These and other deficiencies will become apparent from the 
following suggestion for an amended claim 4, which suggestion is 
streamlined with the suggestion for claim 1, and in which the 
deficiencies with respect to Art. 6 PCT are considered to be 
overcome : 

"4 . 

A method for authenticating . . . , 
wherein 

(a) said application provides a display of a request (16) for 
user authentication upon which recruest the user enters (43) a 
PIN code through input means; 

(b) the entered PIN code is compared (45; 56) with a registered 
PIN code within security manager means and if the PIN 
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code of the user matches with the registered PIN code the 
security manager means provide to the information system an 
authorisation (20; 47) to run said application ; 

(c) said request for user authentication is displayed bv display- 
means, along with a PIN entry field. 

the method being characterized in that 

(d) the request (16) for user authentication is provided from 
said application to the display means, and is displayed with 
the look and feel (16) of said application; 

(e) information is supplied (18; 55) from the security manager 
means to the application about PIN code entering key-pressing 
operations bv said user, wherein entered PIN code is not 
supplied to said application ; 

(f) and the application causes crypted digits to be displayed in 
said PIN entry field corresponding to said information about 
PIN code entering kev-pressing operations supplied to said 
application . 

2.3. Claims 2, 3, 7, 8 

According to the description (eg Fig. 3), the application 11 
interacts with the security manager and controls display 17 in a 
particular manner (encrypted display of inputted PIN charac- 
ters) . Such interactions and operations are not compatible with 
normal broadcast television programs (unidirectional transmis- 
sion only) . To overcome this problem, claim 2 could be amended 
to read e.g.: 

"A system . . . characterised in that the application includes 
a television program" . 

Claims 3, 7 and 8 could be correspondingly amended. 

2.4. Claims 5, 6 

In light of the suggestion in respect of claim 4 set out above, 
claim 5 as presently on file does not appear to provide any 
substantial further information. If the suggested amendments to 
claim 4 are adopted, claim 5 would be superfluous. 
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3. Concerning Section V - Articles 33(2) and 33(3) PCT 

The following document are cited: 
Dl: US-A-5 870 723; 
D2: US-A-5 267 149. 

3.1. 

In view of the claims 1 s deficiencies with respect to Art. 6 PCT # 
it is not possible to examine the claims with respect to novelty 
and inventive step. 

3.2. 

However, a preliminary opinion as to novelty and inventive step 
of an amended claim 1 as proposed above is provided below: 

Dl discloses (col. 16 lines 19-29) displaying a request to a user 
to enter his PIN code, enabling input means therefor, receiving 
PIN code key input from the user and providing input feedback to 
the user by displaying the PIN code in encrypted form. The ente- 
ring of a PIN code as disclosed implies a subsequent action, 
such as enabling an application to run, when the entered PIN 
code is detected to be correct, e.g. by way of comparison with a 
registered PIN code. 

Thus Dl anticipates features (a) to (c) identified in the 
proposal for claim 1 set out in paragraph 2.1 above. 

According to Dl (abstract) , the PIN code is encrypted at a 
user's terminal and transmitted to a host computer which pro- 
vides a current application. This is different from claim 1 
(feature (e) as proposed) according to which not the PIN code 
but merely key stroke indications are transmitted to the (host) 
application. 

Also, Dl does not appear to provide any detail as to how 
precisely (from where) the display of the PIN code entry field 
and the display of the encrypted PIN code are controlled. Thus 
controlling the display from the application can be considered 
another detail of claim 1 (as proposed for amendment) that is 
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not anticipated. 

Moreover, Dl is not concerned with the specific objectives 
(identified in paragraph 2.1 above) underlying the subject-mat- 
ter of claim 1 (as disclosed in the description and as conside- 
red to be sufficiently represented now in the proposal for amen- 
ding claim 1) . 

The relevant teachings of D2 (Figs. 3, 6 and related text passa- 
ges) are similar to those of Dl . 

The subject-matter provided by claim 1 as proposed for amendment 
does not appear to be compromised by the presently available 
prior art . 

The findings set out in hereinabove with respect to an amended 
claim 1 would correspondingly apply to an amended claim 4 . 

4. Concerning Section VII: Description and formal matters 

(a) Documents reflecting the prior art referred to on page 1 
(lines 23-26) and described on pages 1-3 are not identified 
in the description (Rule 5.1(a) (ii) PCT) . 

(b) Contrary to the requirements of Rule 5.1(a) (ii) PCT, the 
relevant background art disclosed in the documents Dl and D2 
is not mentioned in the description, nor are these documents 
identified therein. 

(d) In Fig. 6, the text of box 54 should correctly read " . . . 

GRABBING" and the text of box 57 should correctly read "... 
SUCCESS 
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1. Basis of the repo rt 

a. WSh regard to the language, the frrtemational search was carried out on the basta of the International appOcation In the 
language fan which It was fBed, unless otherwise Indicated under thb Rem. 

I I the International search was carried out on the baste of a translation of the International appflcation furnished to this 
L — 1 Authority (Rule 23.1 (b)). 
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j | contained hi the International application In written form. 

filed together wtth the International application In computer readable form, 
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furnished subsequently to thte Authority In computer readbte form. 



□ 
□ 
□ 
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the statement that the subsequently furnished written sequence Dsttng does not go beyond the disclosure In the 
International application as filed has been furnished. 

the statement that the Information recorded In computer readable form te Identical to the written sequence listing has been 
furnished 



2. 

a 



| | Certain claims were found unsearchable (See Box I). 
|~~) Unity of invention is lacking (see Box II). 



4. Wfth regard to the tftto, 

|X| the text te approved as submitted by the applicant 

| | the text has been established by thte Authority to read as follows: 



& Wth regard to the abstract, 

|X| the text te approved as submitted by the applicant 

□ the text has been estabttshed, according to Rule 3a2(b), by this Authority as ft appears In Box IIL The appQcant may, 
wfthki one month from the date of mailing of thts tntemationaJ search report, eubmft comments to this Authority. 

a The figure of the dm wi ngs to be published with the abstract te Figure No. 3 

|X[ as suggested by the applicant Q None of trie figures. 

| | because the appflcant failed to suggest a figure. 

| | because this figure better characterizes the Invention. 
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28 October 1997 (1997-10-28) 
abstract 
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figure 3B 
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(57) Abstract: The present invention concerns a system (10) and a process for authenticating a PIN code of a user in an interactive 
information system in order to run an application. It comprises input means (15) for PIN code entry, security manager means (13) 
for comparing the PIN code of the user upon a request for user authentication from the application, with a registered PIN code, and 
giving authorisation to run said application if the PIN code of the user matches with the registered PIN code, and display mp-ang (17) 
for displaying any graphics including a PIN entry field. The request for user authentication is provided on the display means via the 
PIN entry field with the look and feel of said application. The system further comprises emitting means for entering crypted digits, 
the security manager means (13) being arranged to give authorisation to run the application after full entry of said crypted digits and 
if the PIN code of the user is identical to the registered PIN code. 
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FLEXIBLE INTERFACE FOR SECURE INPUT OF PIN CODE 

The invention is related to interfaces between man 
and machine such as computer, telephone or television 
5 devices, which need a Personal Identification Number 
(PIN) to authenticate the user running an 
application. 

By running an application, one should understand 
to continue or to have access to an application or to 
10 specific resources of an application. 

The invention is more particularly but not 
exclusively related to a system and a method used in 
an interactive information system such as an 
entertainment system, 
is Requirements, for security in interactive 

entertainment systems are contradictory. 

This is because, in order to run an application, 
an authentication of the user/viewer is needed while 
using the specific look and feel of the application. 
20 However, it is also preferred that the PIN code 

should not be given to the application for security 
purpose. 

In fact, two types of solutions are presently 
known for authentication. Both present drawbacks, as 
25 they are only capable of fulfilling part of the above 
requirements . 

Either the application presents its own user 
interface for PIN entry, then queries the underlying 
system to check if the given PIN is correct. 
30 This solution does not hide the PIN code from the 

application. 
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Or the application requests the underlying system 
to authenticate the viewer. For this the underlying 
system, using its own look and feel, prompts the 
viewer for its PIN, verifies its validity and then 
5 returns the information that the viewer is authorised 
or not to the application. 

This solution is safe, but does not allow 
integration of the PIN entry with the application 
look and feel . 

io In other words and referring to figure 1, it is 

shown a system which presents a good look and feel , 
but which is not safe, as the PIN code is known by 
the application. 

More precisely, the application 1 has total 

15 control of the look and feel . 

The viewer provides his PIN code through input 
means 2 in digital data to the application via an 
input device, for instance transmitted as infrared 
signals 3 to the device on which runs the application 

20 which displays in 4 the look and feel for the PIN 
entry field. 

Such application, which is now aware of the PIN 
code, transmits it in 5 to security manager means 6 
which, after checking, confirms in 7 authorisation 
25 from the system 8 . 

The PIN code (Input means 2) is therefore provided 
outside of the system 8, which is unsecured, and may 
allows third parties to have access to the PIN code. 
Figure 2 displays the other way of functioning of 
30 a known system of the prior art. 
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Here, the application 1 has no control over the 
look and feel, contrarily to the precedent case. 

The application 1 requests in 9 the system 8 to 
identify the user, 
s The security manager means 6 uses the input means 

2 (PIN Code) , provided in 3 and the display screen to 
create in 4 a display of the PIN entry field. 

When the security manager means 6 has checked the 
PIN code, it gives authorisation (7) to display or to 
io access to resource to the application 1. 

On a security point of view this system is good 
as, at no point, the system 8 gives out the PIN code 
to the application. 

However, the look and feel is here totally under 
15 system control, without any consideration for the 
current application look and feel. 

It is therefore a main object of the present 
invention to provide an improved system and method 
for authorising a secure way of authentication for an 
20 access to an application through a PIN code while 
using the look and feel of said application during 
the PIN code interrogation. 

It is another object of the invention to provide 
an improved system and method wherein the safety 
25 needed for PIN code entry, is combined with perfect 
integration of the prompt with the service. 

It is another objet of the invention to provide a 
simple and cost saving flexible interface for secure 
input of a PIN code. 
30 The problems outlined' above, are in large part 

solved by a system for authenticating a PIN code of a 
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user in an interactive information system, in order 
to run an application which comprises : 

• input means for PIN code entry, 

• security manager means for comparing the PIN 
5 code of the user, upon a request for user 

authentication from the application, with a 
registered PIN code, and giving authorisation to run 
said application if said PIN code of the user matches 
the registered PIN code, * 
io • and display means for displaying any graphics 

including a PIN entry field, 
characterised in that 

the request for user authentication being provided on 
the display means via the PIN entry field with the 
15 look and feel of said application, the system further 
comprises emitting means for entering crypted digits 
in said PIN entry field upon entering the PIN code of 
the user in the security manager means through said 
input means, 

20 and the security manager means are arranged to give 
authorisation to run the application after full entry 
of said crypted digits and if the PIN code of the 
user is identical to the registered PIN code. 

With such system the PIN code remains hidden from 

25 the environment, the user having only the impression 
to enter physically his PIN code within the PIN entry 
field of the application. In fact, it remains in the 
security manager means, which is within the system. 
In a preferred embodiment the application is a 

3 0 television program. 
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The invention also provides a method for 
authenticating a PIN code of a user in an interactive 
information system, in order to run an application, 
wherein said information system emits a request for 
5 authenticating a user, 

said user enters a PIN code through input means, 
said PIN code of the user is compared with a 
registered PIN code, within security manager means, 
and authorisation is provided to run said application 
10 if the PIN code of the user matches with the 
registered PIN code, 
characterised in that 

the request for authenticating being provided with 
a PIN entry field having the look and feel of the 
15 application, 

crypted digits are entered in said PIN entry 
field, upon entering the PIN code by the user in the 
security manager means, 

and authorisation to display the application is 
20 only provided after full entry of said crypted 
digits, and if the PIN code signal of the user is 
identical to the registered PIN code as checked by 
the security manager means . 

The invention will be better understood from 
25 reading the following description of a particular 
embodiment given by way of non limiting example, and 
which refers, additionally to the above mentioned 
figures showing the prior art, to the accompanying 
drawings in which : 
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- Figures 1 and 2, already mentioned, are 
schematic drawings figuring the architecture of the 
PIN code interface of the prior art . 

- Figure 3 is a schematic drawing showing the 
5 architecture of the system according to the present 

invention. 

- Figure 4 is a schematic drawing showing an 
interactive television system for implementing the 
invention. 

io - Figure 5 is a flowchart related to the 

application according to the embodiment of the 
invention more particularly described here. 

- Figure 6 is a flowchart implemented by the 
security manager means according to the embodiment of 

is the invention more ' particularly described here. 

Figure 3 shows a system 10 arranged to 
authenticate the user before running an application 
11/ according to the invention. 

The application 11 initiates a PIN entry request 
20 12 to authenticate the user request and 
simultaneously asks the security manager means 13 to 
handle key input 14 to be introduced through Input 
means 15, for instance through a key pad. 

The security manager means 13 comprises a small 
25 computer system including a central processing unit 
(CPU), memory and local storage. It is connected to 
input/output ports. 

It is programmed in order to provide the different 
steps according to the method of the invention. 
30 The application having total control over the 

graphics displayed and their look and feel, the look 
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and feel 16 for PIN entry is provided on display 
means 17 according to the application. 

The display means can be a TV screen, an LCD 
screen of a remote portable telephone, etc. 
5- As the security manager means 13 is asked to enter 

the PIN entry mode, it grabs key inputs 14, analyses 
these inputs for user authentication and relays in 18 
the key presses to the application. 

The security manager means does not relay the key 
io values, which therefore remains within the system, 
but only relays the fact that a key has been pressed, 
letting for instance the application display an X for 
each key pressed, in the PIN entry field. 

This way the application does not learn about the 
15 PIN, but can give user feedback 19 to the display 
means 1 7 . 

When the security manager means 13 recognises the 
PIN, it informs in 20 the application that the 
user/viewer has been authenticated. 
20 The application can then run, be displayed and/or 

operate . 

Figure 4 shows schematically an interactive 
television system 21 including a system S according 
to the embodiment of the invention more particularly 
25 described here. 

A broadcaster 22 transmit through a satellite 23 
the signal corresponding to the look and feel of an 
application request (arrows 24) , for instance a Pay 
TV program. 
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The signal is provided to -a digital interactive 
decoder 25, currently packaged in a set -top connected 
to a television 26. 

It delivers true interactive television using the 
5 broadcast -oriented infrastructure currently 

predominant in the television industry. 

The decoder 25 comprises in a manner known per se, 
a demultiplexer 2 7 and an application programming 
interface 28, stored in a local memory (RAM, EPROM 
10 FLASH memory, . . . ) , such as the one proposed by the 
applicant OPEN TV, and which provides a library of 
functions which can display graphics on the 
television screen, control audio/video services, 
accept user input and communicate with the outside 
15 world. 

The decoder 2 5 also comprises a CPU 29, 
Audio/Video decoding, means 30, connected through 
audio video output 31 to the television set 26, 
storage means 32 for storing an operating system for 
20 the CPU 29, such as the one provided by OPEN TV. 

The CPU 29 further includes part of the security 
manager means 33 as described in the invention. 

The decoder 25 also comprises Input means 34 such 
as infrared sensors arranged to receive infrared 
25 signals 35 emitted by a remote control apparatus 3 6 
having a key pad 37, and display function means 38 
controlled by the CPU . 

The decoder 25 also comprises output means having 
a modem and/or a multiplexer 3 9 for providing back 
3 0 return signals 4 0 on a return channel to the 
broadcaster 22 and/or a server. 
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The broadcast system may be, of course based on 
satellite or cable or some other medium. 

Figure 5 shows a block diagram according to an 
embodiment of the invention to be included in an 
5 application to authenticate the users to continue or 
to have access to specific resources which needs 
authentication by a PIN code. 

The application first uses some display function 
(block 41) to present a PIN entry field to the 
io viewer. 

It then asks the security manager means to enter 
the PIN entry mode and check in 43 if keys are 
pressed . 

As keys are pressed, it gives (block 44) feedback 
15 using the display function. 

If the user is not authenticated (step 45) , it 
comes back (loop 46) to check 43. 

If the user is authenticated (in 47) , there is an 
OK from the security manager means and the 
20 application can go on (step 48) . 

An example of a block " diagram of the security 
manager program is provided on figure 6 and is 
performed entirely (and secretly) within the System 
S. 

25 At the application request in 49, the security 

manager means enters a PIN entry mode (step 50) . 

The PIN repertory is then initialised to empty in 
51 and the system wait for a key to be pressed (check 
52) . 
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If the key is an « ending » key (for instance OK 
or enter), (check 53) there is a release of the key 
input grabbing (step 54) . 

If not there is a loop 55 for more key. 
s After release of the' key input grabbing, the 

security manager means checks in 56 the entered PIN 
against the user's PIN. 

It then either returns success (step 57) , or 
' failure (step 58) to application (step 45 of the 
10 application), before exiting PIN entry mode in 59. 

It will now be described the functioning of the 
system while referring to figure 4. 

At the broadcast site, pay TV programs of a 
Specific Provider are stored. 
15 The pay TV programs are encoded into a digital 

bitstream which is compressed and multiplexed with 
the signal of the PIN code field of the Specific 
Provider, including its logo and a menu to allow the 
viewer to have access to other movies of the 
20 provider, to form a single bitstream. 

This single bitstream is then broadcasted to all 
subscribers. At each customer's site, the bitstream 
is received by the decoder 25 where the audio and 
video are decompressed and the PIN code field is sent 
25 to the customer's television set 26. 

The request for the PIN code of the user is 
therefore prompted to the viewer. 

The viewer then, for instance through a remote 
control apparatus, can enter his PIN code by pressing 
30 keys . 
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At each pressing, a cross appears in the PIN entry- 
field on the TV Screen. 

Meanwhile the Security manager means ■ 33 compares 
the PIN code with a preregistered user' s PIN code 
5 entered before in the " decoder for instance via a 
modem . 

If the PIN codes matches, signals are sent to the 
application decoding process 30, and such decoding 
process is then authorised for displaying the 

10 application on the TV set. 

Additional advantages and modifications will 
readily occur to those skilled in the art . Therefore 
the present invention in its broader aspects is not 
limited to the specific details, representative 

is devices and illustrated examples shown and described 
herein. 

For instance, it also includes application to PIN 
code entry for obtaining specific services through 
mobile phone, for instance via GSM, or other specific 
20 services via Television and/or Internet. 
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CLAIMS 

1. A system (10, S) for authenticating a PIN code 
of a user in an interactive information system in 

5 order to run an application (11) , 
wherein it comprises 

- input means (15, 34, 35, 36, 37) for PIN code 
• entry, 

- security manager means (13, 33) for comparing 
lo the PIN code of the user upon a request for user 

authentication from the application, with a 
registered PIN code, and giving authorisation to run 
said application if the PIN code of the user matches 
with the registered PIN code, and 
is - display means (17, 29, 38) for displaying any 

graphics including a PIN entry field, 
characterised in that 

the request for user authentication being provided on 
the display means via the Pin entry field with the • 

20 look and feel of said application, the system further 
comprises emitting means (29, 38) for entering 
crypted digits in said PIN entry field upon entering 
the PIN code of the user in the security manager 
means through said input means, 

25 and the security manager means (13, 33) are arranged 
to give authorisation to run the application after 
full entry of said crypted digits and if the PIN code 
of the user is identical to the registered PIN code. 

2 . A system according to claim 1 characterised in 
30 that the application is a television program. 
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3. A system according to claim 1, characterised 
in that the application is a service provided on 
mobile Telephone. 

4 . A method for authenticating a PIN code of a 
5 user in an interactive information system, in order 

to run an application, 

wherein said information system emits a request for 
authenticating a user (41) , 

said user enters a PIN code (43) through input means, 
10 said PIN code of the user is compared (45) with a 

registered PIN code within security manager means, 

and authorisation is provided to run said application 

if the PIN code of the user matches with the 

registered PIN code, 
15 characterised in that 

the request for authenticating being provided with 

a PIN entry field having the look and feel of the 

application, 

- crypted digits are entered (44) in said PIN entry 
20 field, upon entering the PIN code by the user in the 
security manager means, 

and authorisation to display the application is only 
provided (47) after full entry of said crypted 
digits, and if the PIN code of the user is identical 
25 to the registered PIN code as checked by the security 
manager means . 

5. A method according to claim 4, characterised 
in that, for presenting the request for 
authentication, the application undertakes the 

30 following steps : 
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- presenting a PIN entry field to the user (41) , 

- asking the security manager means to enter a PIN 
Entry Mode (42) , 

- the input means comprising keys, checking if keys 
5 are pressed by the user (4*3) , 

- while keys are pressed, giving feedback in 
entering said crypted digits in said PIN entry field 
(44) , and, 

" - if the user is authenticated (4 5) by said security 
io manager means, giving said authorisation (47) to 
display (48) the application. 

6. A method according to any of claims 4 and 5, 
characterised in that, for providing the 
authorisation to display the application the security 
is • manager means undertakes the following steps : 

- at the request of the application entering a PIN 
entry mode (50) , 

- initialising to empty a PIN repertory (51) and, 
the input means comprising keys, waiting for a key to 

20 be pressed by the user (52) , 

- upon occurrence of pressing an « ending key », 
checking if a release occurs (53), checking the 
entered PIN against the user's PIN (56), and if 
success authorising the application to run. 

25 7. A method according to any of claims 4 to 6 , 

characterised in that the application is a Television 
program - 

8. A method according to any of claims 4 to 6 , 
characterised in that the application is a service 
30 provided on a mobile telephone. 
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